In response to recent questions from member banks, ABA today issued a staff analysis providing clarity on a new exception to the annual privacy notice requirement recently signed into law. Under the new law, banks are no longer required to send out an annual privacy notice to customers, provided that they have not changed their policies and practices on the disclosure of nonpublic information since the previous notice was sent and that they do not share non-public personal information with third parties, unless required by law.
The new law did not change the provisions that apply to information sharing with affiliates under the Fair Credit Reporting Act; however, FCRA does not require an annual notice to be sent to customers.
ABA recommended that institutions review their policies and procedures to be certain that the standards for meeting the notice and opt-out for affiliates under FCRA are in compliance, which should include providing a way for customers to be notified and opt-out if the institution’s policy on information sharing with affiliates changes. For more information, contact ABA’s Rob Rowe.